
Alerts

July 29, 2025 - FBI, CISA, RCMP, ACSC, AFP, CCCS, NCSC-UK

Scattered Spider

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Royal Canadian Mounted Police (RCMP), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Australian Federal Police (AFP), Canadian Centre for Cyber Security (CCCS), and United Kingdom’s National Cyber Security Centre (NCSC-UK)—hereafter referred to as the authoring organizations—are releasing this joint Cybersecurity Advisory in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors, subsectors, and other sectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as June 2025.

July 23, 2025 - FBI

The Com: Theft, Extortion, and Violence are a Rising Threat to Youth Online

The Federal Bureau of Investigation is warning the public about a growing and evolving online threat group known as The Com, short for The Community. The Com is a primarily English-speaking, international, online ecosystem comprised of multiple interconnected networks whose members, many of whom are minors, engage in a variety of criminal violations. The FBI estimates thousands of individuals identify as current or recent members of The Com with varying levels of associated activity. Criminal activity conducted by members of The Com includes, but is not limited to, swatting/hoax threats, extortion/sextortion of minors, production and distribution of child sexual abuse material, violent crime, and various types of cyber crimes. The latter category is broad and includes distributed denial-of-service (DDoS) attacks, subscriber identity module (SIM) swapping, ransomware, intellectual property theft, extortion, cryptocurrency theft, and money laundering. The motivations behind the criminal activity vary, but often fall within one of the following: financial gain, retaliation, ideology, sexual gratification, and notoriety.

July 22, 2025 - CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability
CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
CVE-2025-2776 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
CVE-2025-2775 SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

July 10, 2025 - CISA

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability

July 3, 2025 - Government of Canada

Grafana security advisory (AV25-394)

On July 2, 2025, Grafana published a security advisory to address critical vulnerabilities in the following products:
Grafana Image Renderer – versions prior to 3.12.9
Synthetic Monitoring Agent – versions prior to 0.38.3

July 1, 2025 - CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
CVE-2025-48928 TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

June 24, 2025 - CISA

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

June 23, 2025 - Government of Canada

HPE security advisory (AV25-365)

On June 23, 2025, HPE published a security advisory to address a vulnerability in the following product: HPE Telco Unified OSS Console – version prior to v3.1.16

June 6, 2025 - Government of Canada

Jenkins security advisory (AV25-321)

On June 6, 2025, Jenkins published a security advisory to address vulnerabilities in the following products:
Gatling Plugin – version 136.vb_9009b_3d33a_e and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

June 3, 2025 - Government of Canada

[Control systems] ABB security advisory (AV25-311)

On June 2, 2025, ABB published a security advisory to address critical vulnerabilities in the following products:
Welcome IP-Gateway – version 6.20 and prior
Welcome IP-Gateway (Welcome M) – version 6.20 and prior
Welcome IP-Gateway MDRC – version 6.20 and prior

May 27, 2025 - CISA

Johnson Controls iSTAR Configuration Utility (ICU) Tool

Successful exploitation of this vulnerability may allow an attacker to gain access to memory leaked from the ICU. This utility is only used to configure products that are no longer manufactured or supported. ICU is not used to configure the iSTAR Ultra and the current iSTAR G2 series of controllers. Furthermore, this vulnerability only impacts ICU and the Windows PC it is running on. This vulnerability does not impact iSTARs, including the legacy iSTARs.

May 15, 2025 - FBI

Senior US Officials Impersonated in Malicious Messaging Campaign

FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign. Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive a message claiming to be from a senior US official, do not assume it is authentic.

April 16, 2025 - FBI

FBI Warns of Scammers Impersonating the IC3

The Federal Bureau of Investigation (FBI) warns the public about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees to deceive and defraud individuals. Between December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams.

April 16, 2025 - CISA

CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remain unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools). When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed.

April 7, 2025 - NSA, CISA, FBI, ASD’s ACSC, CCCS, NCSC-NZ

Fast Flux: A National Security Threat

Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations. This resilient and fast changing infrastructure makes tracking and blocking malicious activities that use fast flux more difficult.

March 28, 2025 - CISA

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1] malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior.

March 25, 2025 - CISA

Inaba Denki Sangyo CHOCO TEI WATCHER mini

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Inaba Denki Sangyo Co., Ltd.
Equipment: CHOCO TEI WATCHER mini
Vulnerabilities: Use of Client-Side Authentication, Storing Passwords in a Recoverable Format, Weak Password Requirements, Direct Request ('Forced Browsing')

March 19, 2025 - CISA

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability

March 13, 2025 - CISA

Sungrow iSolarCloud Android App WiNet Firmware

CVSS v4 9.5
ATTENTION: Exploitable remotely
Vendor: Sungrow
Equipment: iSolarCloud Android App, WiNet Firmware
Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, Use of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow

March 7, 2025 - FBI

FBI Denver Warns of Online File Converter Scam

The FBI Denver Field Office is warning that agents are increasingly seeing a scam involving free online document converter tools, and we want to encourage victims to report instances of this scam.

March 7, 2025 - NCSC, Switzerland

Reporting cyberattacks on critical infrastructure mandatory from 1 April 2025

07.03.2025 - At its meeting on 7 March, the Federal Council introduced a reporting obligation for cyberattacks on critical infrastructure, which will come into force on 1 April. Operators of critical infrastructure will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. These reports will enable the NCSC to assist victims of cyberattacks and alert operators of critical infrastructure.

February 25, 2025 - CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

February 19, 2025 - CISA, FBI, MS-ISAC

CISA and Partners Release Advisory on Ghost (Cring) Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.

February 18, 2025 - CISA

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-24-191-01 Delta Electronics CNCSoft-G2 (Update A)
ICSA-25-035-02 Rockwell Automation GuardLogix 5380 and 5580 (Update A)

February 11, 2025 - CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

February 5, 2025 - CISA

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability

February 4, 2025 - CISA

CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) systems. The published guidance is as follows:

February 4, 2025 - CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability
CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability
CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

January 30, 2025 - FDA

Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed: FDA Safety Communication

The U.S. Food and Drug Administration (FDA) is raising awareness among health care providers, health care facilities, patients, and caregivers that cybersecurity vulnerabilities in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors (which are Contec CMS8000 patient monitors relabeled as MN-120) may put patients at risk after being connected to the internet.

January 13, 2025 - CISA

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.
